VIMAGE + ipfilter fix
Craig Rodrigues
rodrigc at FreeBSD.org
Thu Nov 20 08:21:01 UTC 2014
On Wed, Nov 19, 2014 at 6:32 PM, Cy Schubert <Cy.Schubert at komquats.com>
wrote:
> In message
> <CAG=rPVcodQDGD-v8TGaNOLZ_A6_cJM=vbWOMjxyQJ_U=EpB9Ww at mail.gmail.c
> om>
> , Craig Rodrigues writes:
> > Hi,
> >
> > Can folks take a look at this?
> >
> > https://reviews.freebsd.org/D1191
> >
> > It fixes a crash in ipfilter when a VIMAGE kernel is booted.
>
> Tested here. It addresses the issue.
>
> Looking at pf however, global variables were made VIMAGE aware. I've been
> working on the global variables since yesterday afternoon (fixing other
> issues along the way). If you want I can commit or you can. I'll continue
> to work on completing the work I started.
>
There are two issues here:
(1) Eliminating kernel panics that occur when someone boots a VIMAGE
kernel, and
uses ipfilter but not inside a vnet jail.
(2) Virtualizing the variables inside ipfilter so that ipfilter can be
used inside a vnet jail.
With this patch, I made good headway on fixing (1).
I am definitely not signing up to do (2). However, since you are
working on it, that is good, so at least some progress.
Thanks for doing the review, and taking on the task of fixing ipfilter.
I appreciate your help, and efforts.
I have done the commit.
--
Craig
More information about the freebsd-net
mailing list